A little while back I wrote about Hacking yourself first and detailed a bunch of different ways for developers to seek out risks in their own apps, hopefully before attackers find them first. I’m extremely enthusiastic about this approach and believe that developers need to hone cyber-offence skills in order to properly understand – and protect their apps from – risks on the web. There’s a heap more content coming from me along these lines in a variety of formats and today it’s a free video discussion. Watch this. Your web site will thank you.
I’m often called upon to investigate problems with an unfamiliar SQL Server database. So I need to gather information about the server and its databases quickly. With this in mind, I have a set of scripts that I typically run, and I’ll share these with you here.... Rather than describe the code in depth, I’ll describe its purpose and meaning. 6 steps for diagnosing SQL Server problems.
Hmmm, that's definitely not the first thing I look at. Me, I look at normalization issues: foreign key relationships and particularly missing FKs that are usually the cause of data integrity issues, nullable field usage, etc.
Marc
The 3rd generation Apple already runs iOS, so “all” that’s missing is an App Store, some people say. Oh, and a way to control apps other than with the anemic Apple TV remote. The solution to the latter problem is the new game controller API introduced with iOS 7. I’m speculating that compatible game controllers can come from third party accessory manufacturers as snap-ons to your existing iDevices, and as low cost freestanding devices similar in form factor to Wii remotes and other game console controllers. A minor complication is that the existing Apple TV owners don’t have game controllers, so if an App Store is introduced, it will not “just work” for them. There's already an Apple TV API. It's called iOS + AirPlay.
In all of JavaScript, I’m not sure there is a more maligned piece than eval(). This simple function designed to execute a string as JavaScript code has been the source of more scrutiny and misunderstanding during the course of my career than nearly anything else.... Despite popular theory (and Crockford’s insistence), the mere presence of eval() does not indicate a problem. Using eval() does not automatically open you up to a Cross-Site Scripting (XSS) attack nor does it mean there is some lingering security vulnerability that you’re not aware of. Just like any tool, you need to know how to wield it correctly.
A common misconception about open-source is that it means code that is available for zero cost. The “Free” part of “Free open-source” talks about freedom (as in “free speech”) and not about zero cost (as in “free beer”) – the freedom to read, modify and redistribute the code. While there is natural resistance to spending money on something you are used to getting for free, commercially supporting open-source has only benefits in the long run. There's no such thing as a free OS.
Microsoft and Oracle announced a lot of piece parts with their June 24 partnership around Azure and Oracle databases and middleware. Here's your Cliffs Notes version: Oracle apps are now certified to run on Windows Server, Hyper-V, and Windows Azure. Up until today, they were only certified to run on Windows Server. Oracle Linux also gets added to the list of Linux variants supported in Azure's VMs, too. "We're happy to work in newer and more constructive ways with Oracle..." in our sandbox.
Investors were expecting a bad earnings report from Barnes & Noble on Tuesday morning, and they definitely got it: Barnes & Noble’s Nook business lost a lot of money, dragging down the entire company’s results. In response, Barnes & Noble said it will stop manufacturing Nook tablets in-house, though it will keep developing its e-ink readers. Another chapter in the e-book saga: E-readers are out. General-purpose tablets are in.
Good example of a bad title - it doesn't say E-readers are out, it simply says they're not going to make them in house. They'll still develop them and they'll still be made, but not internally.
Probably for the best; they suck at making them. My NOOK Color was fun to play with at first, but its limitations/quirks ended that honeymoon phase pretty fast.
Today Microsoft’s Rahul Sood announced the creation of Microsoft Ventures, the company’s collected efforts to provide software discounts to growing companies, incubate startups, and directly fund firms that it believes in. The breadth of the program may seem unfocused, but Microsoft Ventures’ mission fits well into the company’s former activities; it is comprised of the BizSpark program, expanded versions of Microsoft’s extant accelerator, and Bing Fund efforts. Also known as the Not Invented Here VC Fund.
The National Security Agency has backdoor access to all Windows software since the release of Windows 95, according to informed sources, a development that follows the insistence by the agency and federal law enforcement for backdoor “keys” to any encryption, according to Joseph Farah’s G2 Bulletin. Having such “keys” is essential for the export of any encryption under U.S. export control laws. ...since Windows 95. They have extensive Dr. Watson log data on file.
So what does it actually mean if it is true? They can decrypt messages from themselves on your machine or confirm messages came from them? Hardly seems to matter unless they have a way to deliver a payload to begin with.
Assume they're sitting right beside you. They see everything. Pick a door.
I pick the door that leads to an explanation of why this matters. Not to mention this key was discovered in 1999 (see this Wikipedia article), and Microsoft actually did deny the NSA had access to it, contrary to what the article states. It all seems like a bunch of scare tactics with no foundation in reality to me.
In 1999 the US Gov't would not even admit the NSA existed - aka "No Such Agency".
Question is - is that reg key (and who knows where else it sits) used for a crypto seed - or is it a unique ID....
Rene Pilon wrote: Question is - is that reg key (and who knows where else it sits) used for a crypto seed - or is it a unique ID.... It's a public key, and it's the same on everyone's machine. In short, from my understanding, a public key allows you to do two things:
1. Decrypt data encrypted with the associated private key.
2. Confirm data came from the owner of the private key.
Neither of those is a danger to anyone's computer directly. There could be an issue of what you're decrypting (e.g. spyware of some sort), but then, why bother sending it encrypted if everyone has the key on their machine? The next is using it to confirm something was sent from a specific sender. So at worst, it would confirm some data came from the NSA. Unless there's more to it, e.g. it's open to any incoming internet traffic and will decode and execute arbitrary data, that alone isn't enough to be an obvious threat.
The real things to consider here:
a. Does it actually have anything to do with the NSA? (Seems like it would be a little stupid of them to label it "NSAKEY" if it was supposed to be some secret backdoor. It could easily stand for something like "Null Signing Authority", which would make sense for a test key.)
b. What is that module actually used for? How could it actually allow someone to compromise an entire computer?
c. Would MS actually go along with something like this? Seems a little dangerous to intentionally include any sort of back door, not to mention potential backlash.
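To make the two capabilities listed above concrete (and the limitation that matters for the "is a key on every machine dangerous?" question), here is a toy RSA walkthrough. It is an added example, not code from anyone in this thread or from Microsoft; the primes (61 and 53), the exponent, the `digest` reduction and the sample messages are all constructed, hypothetical values chosen so the arithmetic stays small. It shows that whoever holds only the public key can verify what the private key produced, but can neither forge a signature nor recover anything encrypted to that key.

```python
"""Toy RSA illustrating what a public key can and cannot do.

Added example for this thread, not code from any poster. The primes are tiny
constructed values (p=61, q=53) so the numbers are easy to follow; real keys
are 2048+ bits and real signatures hash and pad the message (e.g. RSA-PSS over
SHA-256). This is for illustration only.
"""

# Constructed toy key pair (hypothetical values, chosen for readability).
P, Q = 61, 53
N = P * Q                     # 3233, the public modulus
PHI = (P - 1) * (Q - 1)       # 3120
E = 17                        # public exponent
D = pow(E, -1, PHI)           # private exponent, 2753

PUBLIC_KEY = (N, E)           # what every machine could safely hold
PRIVATE_KEY = (N, D)          # what only the signer holds


def digest(message: bytes) -> int:
    """Toy stand-in for a hash: reduce the message to an integer below N.
    A real scheme uses SHA-256 plus padding; this just keeps numbers small."""
    return int.from_bytes(message, "big") % N


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Signature = digest^d mod n. Needs the private exponent d."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone with the public key checks signature^e mod n == digest.
    This is the 'confirm data came from the key owner' capability."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def forge_with_public_key(message: bytes, public_key=PUBLIC_KEY) -> int:
    """The best someone holding only (n, e) can do: raise the digest to e
    instead of d. The result does not verify; that is the asymmetry."""
    n, e = public_key
    return pow(digest(message), e, n)


def encrypt_to_public_key(plaintext: int, public_key=PUBLIC_KEY) -> int:
    """c = m^e mod n. Anyone can encrypt *to* the key owner."""
    n, e = public_key
    return pow(plaintext, e, n)


def decrypt_with_private_key(ciphertext: int, private_key=PRIVATE_KEY) -> int:
    """m = c^d mod n. Only the private exponent recovers the plaintext."""
    n, d = private_key
    return pow(ciphertext, d, n)


def decrypt_with_public_key(ciphertext: int, public_key=PUBLIC_KEY) -> int:
    """Applying the public exponent to a ciphertext does NOT recover the
    plaintext: holding the public key confers no decryption ability."""
    n, e = public_key
    return pow(ciphertext, e, n)


if __name__ == "__main__":
    msg = b"hi"                      # constructed sample message, digest 865
    sig = sign(msg)
    print("genuine signature verifies:", verify(msg, sig))
    print("tampered message verifies:", verify(b"ho", sig))
    print("public-key 'forgery' verifies:", verify(msg, forge_with_public_key(msg)))
    m = 865                          # constructed sample plaintext
    c = encrypt_to_public_key(m)
    print("private key recovers plaintext:", decrypt_with_private_key(c) == m)
    print("public key recovers plaintext:", decrypt_with_public_key(c) == m)
```

The design point is the one the comment makes: a public key that is identical on every machine is, by itself, only a verification (and encrypt-to) credential. Whether a given public key in a system is a risk depends on what the software that consults it will do with data that verifies against it, not on the key being present.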
I don't think it's related to a backdoor. I wasn't aware that all win 95 installs had the identical key value for that key.
As per c above - I'm not going to touch that one....
When people talk about “internet” and “cars” people usually think of internet-connected automobiles for the purposes of infotainment.... Today you can buy an Audi or a Dodge Ram pickup with a wifi hotspot (connected via mobile broadband) and you’ll see similar capabilities from other manufacturers in the next 1-2 years. Internet & software giants like Google (Google Maps now powers Audi nav systems) and Microsoft (Sync infotainment created in conjunction with Ford) have been hard at work to remain at the leading edge of innovation here. But to me infotainment is really just a small part of the internet connected car story. What will ubiquitous connected computing mean for your next automobile?
Microsoft and Oracle coming together to actually work together? Java and Oracle databases are to gain first class citizenship in Azure Hyper-V.
Did it feel anything like that time when IBM and Microsoft came together to work on a graphical OS?
You want something inspirational??
No, that time it made sense. MS and IBM locked in a battle to break the other.
In the nearly fifty years since beginning the book 'The Art of Computer Programming', which has almost defined computer programming as much as it has defined him, Donald Knuth has received awards including the Kyoto Prize (1996), the Turing Award (1974), and the National Medal of Science (1979). He is an extraordinary man. As well as inventing 'Literate Programming' and writing the most important textbook on programming algorithms, he is also famous for designing and programming one of the most widely-used digital typesetting systems ever, even designing the fonts that went with it. He also pioneered the use of 'Open-source' software. From the art of building software to the art of building pipe organs.
In my review of Get Lamp, the documentary about text adventures, I mentioned that the original Infocom employees believed the market for these games could exist for hundreds of years. After all, the novel is still around today and, despite stiff competition from movies and video games, writing fiction is still a profitable endeavor. Why not interactive fiction? The reality, however, is that since the demise of Infocom in 1989, many people have tried to make interactive fiction into a commercial endeavor. None have been able to figure out how to make the financial side work—until recently. Everything changed with the rise of smartphones and tablets. You are reading a newsletter. There are links above you and below you...
“All the marketable software has already been written.” That sounds like a true enough statement. How am I going to make any money writing software when all the app ideas have been taken and the established software companies are already controlling the market? What software can I write that will allow me to earn a living? Of course I said this in 1982 when I was mainly doing contract development on Apple ][, CP/M, and the newly popular PC-DOS machines. You don't even need a new idea. Just take an old idea and make it better.